3 # Copyright (C) 2014 Simo Sorce <simo@redhat.com>
5 # see file 'COPYING' for use and warranty information
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 from ipsilon.util.page import Page
22 from ipsilon.providers.saml2.provider import ServiceProvider
23 from ipsilon.providers.saml2.provider import ServiceProviderCreator
24 from ipsilon.providers.saml2.provider import InvalidProviderId
28 VALID_IN_NAME = r'[^\ a-zA-Z0-9]'
31 class NewSPAdminPage(Page):
33 def __init__(self, site, parent):
34 super(NewSPAdminPage, self).__init__(site)
36 self.title = 'New Service Provider'
37 self.backurl = parent.url
38 self.url = '%s/new' % (parent.url,)
40 def form_new(self, message=None, message_type=None):
41 return self._template('admin/providers/saml2_sp_new.html',
44 message_type=message_type,
45 name='saml2_sp_new_form',
46 backurl=self.backurl, action=self.url)
48 def GET(self, *args, **kwargs):
49 return self.form_new()
51 def POST(self, *args, **kwargs):
53 if self.user.is_admin:
54 #TODO: allow authenticated user to create SPs on their own
55 # set the owner in that case
58 if 'content-type' not in cherrypy.request.headers:
59 self._debug("Invalid request, missing content-type")
60 message = "Malformed request"
61 message_type = "error"
62 return self.form_new(message, message_type)
63 ctype = cherrypy.request.headers['content-type'].split(';')[0]
64 if ctype != 'multipart/form-data':
65 self._debug("Invalid form type (%s), trying to cope" % (
66 cherrypy.request.content_type,))
67 for key, value in kwargs.iteritems():
69 if re.search(VALID_IN_NAME, value):
70 message = "Invalid name!" \
71 " Use only numbers and letters"
72 message_type = "error"
73 return self.form_new(message, message_type)
77 if hasattr(value, 'content_type'):
78 meta = value.fullvalue()
80 self._debug("Invalid format for 'meta'")
84 spc = ServiceProviderCreator(self.parent.cfg)
85 sp = spc.create_from_buffer(name, meta)
86 sp_page = self.parent.add_sp(name, sp)
87 message = "SP Successfully added"
88 message_type = "success"
89 return sp_page.form_standard(message, message_type)
90 except InvalidProviderId, e:
92 message_type = "error"
93 except Exception, e: # pylint: disable=broad-except
95 message = "Failed to create Service Provider!"
96 message_type = "error"
98 message = "A name and a metadata file must be provided"
99 message_type = "error"
101 message = "Unauthorized"
102 message_type = "error"
104 return self.form_new(message, message_type)
106 def root(self, *args, **kwargs):
107 op = getattr(self, cherrypy.request.method, self.GET)
109 return op(*args, **kwargs)
112 class InvalidValueFormat(Exception):
116 class UnauthorizedUser(Exception):
120 class SPAdminPage(Page):
122 def __init__(self, sp, site, parent):
123 super(SPAdminPage, self).__init__(site)
127 self.backurl = parent.url
128 self.url = '%s/sp/%s' % (parent.url, sp.name)
130 def form_standard(self, message=None, message_type=None):
131 return self._template('admin/providers/saml2_sp.html',
133 message_type=message_type,
135 name='saml2_sp_%s_form' % self.sp.name,
136 backurl=self.backurl, action=self.url,
139 def GET(self, *args, **kwargs):
140 return self.form_standard()
142 def change_name(self, key, value):
144 if value == self.sp.name:
147 if self.user.is_admin or self.user.name == self.sp.owner:
148 if re.search(VALID_IN_NAME, value):
149 err = "Invalid name! Use only numbers and letters"
150 raise InvalidValueFormat(err)
152 self._debug("Replacing %s: %s -> %s" % (key, self.sp.name, value))
153 return {'name': value, 'rename': [self.sp.name, value]}
155 raise UnauthorizedUser("Unauthorized to rename Service Provider")
157 def change_owner(self, key, value):
158 if value == self.sp.owner:
161 if self.user.is_admin:
162 self._debug("Replacing %s: %s -> %s" % (key, self.sp.owner, value))
163 return {'owner': value}
165 raise UnauthorizedUser("Unauthorized to set owner value")
167 def change_default_nameid(self, key, value):
168 if value == self.sp.default_nameid:
171 if self.user.is_admin:
172 self._debug("Replacing %s: %s -> %s" % (key,
173 self.sp.default_nameid,
175 return {'default_nameid': value}
177 raise UnauthorizedUser("Unauthorized to set default nameid value")
179 def change_allowed_nameids(self, key, value):
180 v = set([x.strip() for x in value.split(',')])
181 if v == set(self.sp.allowed_nameids):
184 if self.user.is_admin:
185 self._debug("Replacing %s: %s -> %s" % (key,
186 self.sp.allowed_nameids,
188 return {'allowed_nameids': list(v)}
190 raise UnauthorizedUser("Unauthorized to set alowed nameids values")
192 def POST(self, *args, **kwargs):
194 message = "Nothing was modified."
195 message_type = "info"
199 for key, value in kwargs.iteritems():
201 r = self.change_name(key, value)
205 r = self.change_owner(key, value)
209 elif key == 'default_nameid':
210 r = self.change_default_nameid(key, value)
214 elif key == 'allowed_nameids':
215 r = self.change_allowed_nameids(key, value)
219 except InvalidValueFormat, e:
221 message_type = "warning"
222 return self.form_standard(message, message_type)
223 except UnauthorizedUser, e:
225 message_type = "error"
226 return self.form_standard(message, message_type)
227 except Exception, e: # pylint: disable=broad-except
228 self._debug("Error: %s" % repr(e))
229 message = "Internal Error"
230 message_type = "error"
231 return self.form_standard(message, message_type)
235 if 'name' in results:
236 self.sp.name = results['name']
237 if 'owner' in results:
238 self.sp.owner = results['owner']
239 if 'default_nameid' in results:
240 self.sp.default_nameid = results['default_nameid']
241 if 'allowed_nameids' in results:
242 self.sp.allowed_nameids = results['allowed_nameids']
243 self.sp.save_properties()
244 if 'rename' in results:
245 rename = results['rename']
246 self.parent.rename_sp(rename[0], rename[1])
247 message = "Properties succssfully changed"
248 message_type = "success"
249 except Exception: # pylint: disable=broad-except
250 message = "Failed to save data!"
251 message_type = "error"
253 return self.form_standard(message, message_type)
255 def root(self, *args, **kwargs):
256 op = getattr(self, cherrypy.request.method, self.GET)
258 return op(*args, **kwargs)
261 self.parent.del_sp(self.sp.name)
262 self.sp.permanently_delete()
263 return self.parent.root()
264 delete.exposed = True
267 class AdminPage(Page):
268 def __init__(self, site, config):
269 super(AdminPage, self).__init__(site)
275 self.sp = Page(self._site)
277 def add_sp(self, name, sp):
278 page = SPAdminPage(sp, self._site, self)
279 self.sp.add_subtree(name, page)
280 self.providers.append(sp)
283 def rename_sp(self, oldname, newname):
284 page = getattr(self.sp, oldname)
285 self.sp.del_subtree(oldname)
286 self.sp.add_subtree(newname, page)
288 def del_sp(self, name):
290 page = getattr(self.sp, name)
291 self.providers.remove(page.sp)
292 self.sp.del_subtree(name)
293 except Exception, e: # pylint: disable=broad-except
294 self._debug("Failed to remove provider %s: %s" % (name, str(e)))
296 def mount(self, page):
297 self.menu = page.menu
298 self.url = '%s/%s' % (page.url, self.name)
299 for p in self.cfg.idp.get_providers():
301 sp = ServiceProvider(self.cfg, p)
302 self.add_sp(sp.name, sp)
303 except Exception, e: # pylint: disable=broad-except
304 self._debug("Failed to find provider %s: %s" % (p, str(e)))
305 self.add_subtree('new', NewSPAdminPage(self._site, self))
306 page.add_subtree(self.name, self)
308 def root(self, *args, **kwargs):
309 return self._template('admin/providers/saml2.html',
310 title='SAML2 Administration',
311 providers=self.providers,